How close to a jailbreak is it?

An estimate from security engineer Min (Spark) Zheng describes the existing work as about 66% of a full jailbreak. This figure is derived from Donenfeld’s kernel exploit (33%), combined with Ian Beer’s triple_fetch sandbox escape, which was already known (33%). According to Zheng, the missing 33% is a patch to bypass Kernel Patch Protection (KPP). However, Donenfeld appears to think such a patch is not necessary, and that KPP is not a problem. It remains to be seen whether that is the case, but if so, the existing exploit would be much closer to 100%.

Of course, even with the full set of exploits, someone would still need to package them together, include Cydia (possibly rewriting some of it), and add offsets for every different device and firmware. It’s likely that Saurik would have to be the one to perform any modifications to Cydia, though the offsets for all 64-bit devices from iOS 10.2-10.3.1 have already been published, which removes some of the hassle for anyone seeking to bundle the exploit into a jailbreak utility.

Which devices does the exploit run on?

It apparently works on all 64-bit devices, including the iPhone 7 and iPhone 7 Plus, and on all firmwares up to and including iOS 10.3.1.

This is great news as any jailbreak arising from it should cover every 64-bit device, including the flagship, and wouldn’t leave an unsupported gap between Yalu (up to iOS 10.2) and itself. However, 32-bit devices will have to sit out this round.

What can it do?

Aside from the possibility of a full jailbreak, there are a couple of other useful consequences which could come out of it. It’s possible that the bugs used in the exploit could be back-ported to the mach_portal jailbreak, increasing stability for users jailbroken on iOS 10.1.1 or lower. Another possibility is that it will allow users to set a nonce on firmwares up to iOS 10.3.1, which will let them downgrade with blobs to a jailbreakable firmware such as iOS 10.2, using futurerestore. This will be less important if a full jailbreak is released of course, but it would at least give some users a way to return to a jailbreakable firmware if they’re stuck on iOS 10.2.1-10.3.1.

With luck, someone will be able to make use of this great bit of research to provide us with a jailbreak, but until then, don’t update any devices on iOS 10.3.1 or lower (or any at all in fact), and guard your blobs jealously.